- This was a settlement, not what the attorney generals asked for. In Germany, regulators didn't even find anything to press charges with.- Also, just a little triviality here, but Google didn't actually violate any laws right?- The accusation against Google here is one employee was not supervised properly, not deliberate privacy invasion. Or do we want people to throw the book at this one employee? People here believe in what Aaron Swartz was doing, but it was still willful violation of the law. Pretty darn different.

One person got screwed by the law. Therefore we should throw the book at everyone!

I'm going to submit this submission for the best example of 'comparing apples to oranges'.

I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

Google was collecting random, unencrypted, broadcast data as they plotted wi-fi access point coordinates for building a geolocation database. There was no intent to collect passwords or any other sensitive information, and intent is a huge component of criminality. So yes, this submission is a pretty massive troll. Google was eavesdropping at a party and possibly writing down more than they should have been, and Swartz was tapping phone lines during private conversations and recording all the audio with intent to distribute. Not even remotely close, unless one is blinded by troll-dom. But alas, this is slashdot, so every article must include a "sigh, if only Aaron were alive to see this..."

Is different reading what routers are publishing in the open air than a fully political prosecution [slashdot.org]. Google isn't, and is not treated as an enemy of the state, and is an US company after all (Samsung, as is not, had pay 1 Billon [nytimes.com] over for selling rectangular devices).

I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

You, sir, are the troll. I am not.

Assuming you're the one who wrote the submission, yes actually you are.

You're comparing sniffing passwords from open, unsecured access points (which is arguably not even 'naughty' to start with) to a directed break-in of a computer system you were told, and signed an agreement, to not enter into. But since "Down with the Evil Corporation, Up with the Lone Renegade!" stories get a lot of page hits, they went ahead and pushed it to the front page.

I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

You, sir, are the troll. I am not.

Assuming you're the one who wrote the submission, yes actually you are.

You're comparing sniffing passwords from open, unsecured access points (which is arguably not even 'naughty' to start with) to a directed break-in of a computer system you were told, and signed an agreement, to not enter into. But since "Down with the Evil Corporation, Up with the Lone Renegade!" stories get a lot of page hits, they went ahead and pushed it to the front page.

Sniffing open unsecured access point is most certainly naughty. It's basically like being a peeping Tom. Whether it deserves legal action and to what extent is debatable. But the "They were asking for it" argument also doesn't hold water.

not really. If you are running an unsecured node it's comparable to walking around naked in front of your open bay window. People might happen to see you naked as they walk by, but really it's your own fault.

not really. If you are running an unsecured node it's comparable to walking around naked in front of your open bay window. People might happen to see you naked as they walk by, but really it's your own fault.

Maybe for you. For most people who use the internet, this analogy doesn't hold up at all. It is more like they're walking around naked behind solid opaque walls, but unbeknownst to them, someone outside their house has the ability to magically make the walls invisible to himself and other similarly skilled magicians, but the naked person inside the house would still see the walls as solid.

And before you start saying stuff like "idiots shouldn't use the internet if they don't understand it" -- look around you and ask yourself whether you have anything more than a vague understanding of how the various services you use work, and by that I mean a complete technical picture covering exactly how those services are provided and the potential ways a nefarious individual could harm you by taking advantage of your lack of knowledge. Things, like water, electricity, sewer, mail, garbage collection, etc. etc. Are there ways to violate your privacy via the sewer system? Your health via the water system? I could imagine ways, but really, I wouldn't know because I have merely a general understanding of these things totally lacking in specific details. Doesn't make me stupid. Just makes me a human who can't know everything about everything.

"Ridiculous. You have to be actively listening for it on a given frequency."

The same applies to hearing someone's conversation as you walk past, the frequency in question is standard to Wifi.

"In short you have to expend effort to get the information."

Rubbish, all Wifi receiving equipment automatically works on the frequencies it's built for, you don't have to do any kind of magical tuning to receive wifi data - the same is true of your ears, when you overhear someone.

Are you sure that collecting packets and storing them from unsecured WiFi points is legal?

Unless they are covered by some sort of DMCA (or similar) protection, yes it is legal. Remember, this is basically the same thing that goes on when someone "steals" satellite-broadcast TV by tuning in and decrypting it with home-made hardware, and the only reason that is illegal is because of the copyright protection afforded to the content, it has nothing to do with what the actual "thief" is doing.

It's grey. When the law involves humans, perception is part of the law.

Technically an unsecured router is broadcasting unencrypted data on unlicensed frequencies for which receivers are ubiquitously available.Humans think of their Wifi connections like wireless "modem calls" and have some expectation of that kind of privacy (not saying it's rational, but they do).

This is much like voyeurism, if your neighbours are setting up a telescope to watch you in the shower they are the voyeurs, if they aren't but yo

One time I was setting up a microphone to record someone giving a speech. The long (and broken) microphone cable acted like an antenna, picking up wireless signals, so I was recording local radio traffic instead of the speech I was trying to record. Note there was no radio receiver hooked up - just a long cord plugged into a recorder. You can even hear wireless transmissions sometimes by just having a coiled cord connected to headphones. The cord serves as antenna and the coiling of the cord tunes it to a particular frequency.

If you've ever recorded static, you've recorded someone's wireless transmission. That's why in 1934 it was explicitly made legal to receive anything broadcast - because we've all done it on accident. If it were illegal to receive what someone is transmitting, it would be illegal to connect a long cord to headphones, because that will pick up "static", which is someone's transmission (your neighbor's wifi sounds like an intermittent buzzing). So it was perfectly legal for Google to receive wifi simply because it's unavoidable. Using an answering machine according to the instructions can record your neighbor's wifi as buzzing - the telephone wiring is the antenna.

Note that the long established law does NOT allow you to DECRYPT an encrypted transmission once you receive it. That would be "circumventing technical measures" under DMCA etc. In 2001, an attempt was made to make it illegal to DISCLOSE the content of certain transmissions. Last I heard, that was being challenged at the Supreme Court.

Come on, you can still have sympathy for people even if they were stupid. Man, I know some drunk homeless guys on the street, who I have sympathy for, even though it's entirely their fault where they are.

When someone is in a bad situation, it's ok to have sympathy for them, even if it's their own fault.

How do you know? I've suffered depression. I don't any more because I changed how I think about things that are out of my control. People who suffer depression, often do things that are counter productive in attempting to deal with stuff that is completely out of their control. This makes things worse for them. I know, I've been there.

And suicide is just one of those "counter productive" things people do when depressed. I know, I considered it. I don't have sympathy, with his choices, he made that bed. Well

"And suicide is just one of those "counter productive" things people do when depressed. I know, I considered it. I don't have sympathy, with his choices, he made that bed."

Sorry but here you just further highlight the GPs point, considering suicide as a passing thought when you've been depressed is a far removed idea from people who actually enter a genuine suicidal state which has been determined to be a roughly 30minute window where you lose all rationality.

I have nothing against pseudonymity --- just against hypocrisy, like talking about "manning up," "facing accusers," and "honor," while spitting on the deceased (who almost certainly did far more honorable service to humanity in his short life than "Archangel Michael" ever will) over the internet.

What Google did was unauthorized access to a computer system. You know, computers communicate with each other, the network is as much part of the system as the CPU is. What they did is in fact illegal in many places where they did it. The prosecutors know better than stand up to someone with such deep pockets, though. No, it wasn't like BP -- people understand so little about IT that the public outcry wasn't enough to cover possible fallout from messing with a legal department that got more dough than your

Do you know how those systems work at all? Let me give you na overview.System A: Sends out broadcast saying "hey, here i am!"System B: "I see you, can I connect?"\System A:" can do the following: 1-"sure come on in!" 2-"Sure, just give me a password"In these cases, System a chose 1 - "Come on in!"

Yes, it gets a lot more detailed, especially on the authorization side, but that doesn't matted becasue these system didn't ask for authorization.

And, in fact, it many places, what they did was not illegal. I would hard pressed to find a place where the scenro is illegal.Now if they were using an attack to gather the password, or get around a password that's a different story.

Nope. The SSID database is not all that they did. They sniffed the data packets as well. As in: they got the MACs of the machines of the network, even hardwired machines, they also logged the contents of all the IP traffic, mDNS names, NMB names, etc.

Nope. The SSID database is not all that they did. They sniffed the data packets as well. As in: they got the MACs of the machines of the network, even hardwired machines, they also logged the contents of all the IP traffic, mDNS names, NMB names, etc.

Really? [Citation needed]

What is publicly broadcast is the SSID and MAC address of the AP only. (No "SSID database", no other MAC addresses.) Most wireless APs are set up to broadcast that information because that's how they operate. There is nothing illegal or even the slightest bit wrong with seeing what APs are near you -- and that means seeing their SSIDs and MAC addresses. That. Isn't. Illegal. Or. Even. Wrong.

The rest of your comment is pure speculation and highly unlikely. You make it sound

Yeah, no. Google only sniffed unsecured access points. What part of "unsecured" (meaning no passwords) did you not understand? Also, according to the technical description: "we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protect

The point is if a private citizen or smaller company had done what data did, which is to collect this 'public' information, and in some form potentially put it to use, which we have no evidence google did not do, the feds might have worked harder at finding a punishment. There is a bit of unequal justice going on.

Here is a couple of further examples. HSBC almost certainly laundered terrorist money. They were fined 1.9 billion dollars. That is like 1% of market cap. OTOH, a few years ago the leaders of Holy Land Foundation for Relief and Development were put in jail for a long time and had to forfeit most of their money, the prosecutor saying money is the lifeblood of terrorist organization. By this logic HSBC is responsible of countless murders of US citizens, yet they get off pretty much scott free.

Allegiance to a dominant group is also beneficial. Eric Rudolph committed a terrorist act by bombing the olympics and other premeditated and unprovoked murders. He was a fugitive for five years. He was arrested, did not turn himself in. One might think he would be charged as a terrorist, but because he was a major element in the Christian Movement, he was merely give consecutive life sentence,which allows him to spew his hate of persons who do not agree with him. OTOH, on of the beltway snipers who were not so politically motivated and were not kept hidden and supported by the Christian terrorist movement, were put to death.

Powerful friends, and good lawyers, will tend to minimize the consequences of your actions.

You apparently have no idea how promiscuous sniffing works. You set your wireless device to receive, fire up your sniffer, and anyone in range will be recorded-- kind of like if you turned on a tape recorder in the park, and someone happens to be hollering private details in the vicinity.

People should take responsibility for their actions. Companies are considered persons, so they need to take responsibility for their actions as well. So far the posters here deny that principle.

Where the comparison is breaking down: It was apparently one guy in the Aaron Swartz household, and one guy in the Google company, who thought it was a good idea to get data that they shouldn't have (although in the Google case, many people ended up collection data that they shouldn't have). If you have a company with 10,000 employees, and one employee costs you 20% of a days profit, that multiplied by 10,000 would be 5000 days profit, which is a lot. (But then again, it _was_ more than one employee collecting data because one guy wrote the code).

Google wandered around just receiving network data from open, broadcasting, wifi sites. Ostensibly so they coudl build up a map of places with free, open wifi like Starbucks or McDonalds et al. Unfortunately, lots of silly people also had open wifi nodes and the google cars simply couldn't tell that these weren't free wifi hotspots or not (could you?)

Google's "punishment" seems to me to be about right for the seriousness of the "crime". Swartz's was not. In fact, the penalty Swartz was threatened with was the actual result of "lobbying fees and campaign contributions" (by the MAFIAA and its ilk).

If you sniff packets, you are getting unauthorized access to a computer system. Heck, two computer systems - the endpoints of the conversation. Remember that the network is an essential part of the system.

If you mean Swartz, they offered to recommend zero prison time (except for time served of course) but couldn't assure it. He would also have had to accept a felony conviction on his record and the associated loss of rights.

Sigh. Google didn't "tap into the networks". They simply recorded packets being broadcast from open wifi points, for the purpose of logging the SIDs. A side-effect of recording the packets was that if they happened to contain fragments of plaint-text communication, they could in theory have logged passwords etc. This was the fault of the developer who had been tasked with writing software to log SIDs. When Google realised that more than that had been logged, they themselves reported it to the authorities.

Bad analogy time: a national birdwatching society has a project to record birdsong in the urban streets of the country. They also end up recording the "private" arguments of couples who are shouting at each other indoors, but with the window on the street side of the house left open.

Clearly, collecting data that people broadcast openly into the street as if they were yelling at the top of their lungs in the middle of a crowded arena is actually exactly taking the steps required to visit a website, find a loophole, exploit and download data.

I'm not saying Swartz deserved 35 years in jail (and he wouldn't have gotten that anyway), but to pretend willfully stealing data is the same as overhearing it and recording that... well that just make you look fucking stupid.

Google's mistake is that they were honest about it what they did by accident. It isn't even actually illegal to do it intentionally contrary to popular belief in most places, regardless of what this court case makes you think. The should have just kept their mouths shut. People who understand the technology don't care about what people did. The only people that care are the ones that heard Google say 'yea, we shouldn't have done that' and then they look for reasons to tear Google apart.

Swartz on the other hand took direct action to steal data for the express purpose of stealing the data. It wasn't an accident, it was intentional. That changes the punishment in and of itself from both a moral and a legal perspective. Swartz sounds (if you think you know the truth about the Swartz case, you're just ignorant) like he probably wasn't doing anything actually wrong either from a moral perspective, but from a legal one there is no question that he violated the most basic federal computer crimes law. Unauthorized access to any computer system is illegal, period, no ifs ands or buts about it. The only exception to that is if the 'access' wasn't your choice and was forced on you, such as say the perfect example... wifi signals broadcast at you. It is not legal to steal someones data and then say 'look, I stole some of your data, fix it!'

Slashdotters may think this is the moral high ground, but it isn't. What if he'd stolen say... a confidential database of aids patients in the area... and then someone stole it from him or he lost his laptop... and now that aids patient database becomes public... Would you still be so fucking stupid as to think it was OK for him to steal data he never had any rights too in any way? What if you were in that database? What if your child, who got aids through some shitty accident like the utrarare blood transfusion instances (rare now days anyway) and suddenly he can't go to school anymore because everyone is afraid of the little kid with HIV so your kid gets isolated from everyone and can't go to school... would it still be OK for Swartz to have stolen the data?

Swartz was unstable and depressed, stop pretending that he was an angel that was trying to protect us from the evil bad code and data leaks.

Google accidently stored and didn't immediately throw packets that BY DEFINITION THEY CAN NOT IGNORE and you act like its the same thing as intentional data theft.

Let me give you a hint, your wifi adapter... right now... is listening in on EVERY FREAKING SSID ON YOUR CHANNEL AND PROBABLY THE ONES NEXT TO IT AS WELL. If you have a wifi card the difference between you and Google is that Google wrote down what you threw out.

From the New York Times article, "The applause was not universal, however. Consumer Watchdog, another privacy monitor and frequent Google critic, said that “asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop.”"

Google grabbed (small bites of) data out of the air that had been broadcast on unencrypted channels, in the process of collecting potentially useful information about networks broadcasting their SSIDs. When confronted by authorities Google investigated the allegations, found them to be true, and cooperated in isolating and destroying the data collected.

Aaron Schwartz entered onto MIT's property, hiding a laptop under a box, for the express purpose of downloading specific documents which he knew to be offered under a restricted license. When MIT added security measures to stop Mr. Schwartz, he updated his program to adapt to and circumvent the new methods and continued his (admittedly illegal) downloading. When approached by uniformed police, Mr. Schwarz ran in an attempt to avoid arrest.

Google was offered a penalty a several millions dollars (20% of own days income) and to commit its employee time to . . . what is essentially community service. Google accepted. Google was probably threatened with steeper penalties, but we won't ever know that, because Google did not try to use the press as a weapon against investigators.

Mr. Schwarz was offered a light sentence of a few months in prison, but refused because he didn't want to be branded a Felon. He was threatened with up to 35 years in prison and a fine of $1 Million dollars. Mr. Schwarz wanted to bring public pressure to bear to force the government not to hold him accountable for his actions, so he made public every offer and threat made by the prosecutors.

Let us compare this to a third group - the civil rights marchers of the 1960s in Selma. There, a group of citizens gathered on the public way and attempted to commit a completely legal act -- walking to their state capital together. The police ordered the crowd to disperse, and then began beating them with clubs, releasing attack dogs on them, and attacking them with water cannons. Many were hospitalized. John Lewis, the march organizer, was beaten with a club - receiving an injury to the head that caused his skull to fracture, then placed in jail and charged with a nuisance offense. This day has been named "bloody Sunday" because of the breadth and severity of the injuries inflicted by the police on law abiding citizens.

Google grabbed (small bites of) data out of the air that had been broadcast on unencrypted channels, in the process of collecting potentially useful information about networks broadcasting their SSIDs. When confronted by authorities Google investigated the allegations, found them to be true, and cooperated in isolating and destroying the data collected.

Google grabbed _intentionally_. Someone thought it was a good idea to do this and wrote the code to achieve it. Next, Google did not cooperate. That's part of what the fine is for. They were supposed to delete everything and didn't.

Google's programmer grabbed an open source module. He wasn't aware of the extent of the logging, which included the full packets captured, which included usernames and passwords in some cases.

Aaron Schwartz knew that accessing the public domain works in the manner he was made people unhappy. But he was not technically stealing or violating the policies. They offered him unlimited and then capped him.

I am so sick of hearing how evil Google was for recording information that other people forcefully put out into public airwaves. I know there are going to be plenty of bad analogies, so let me attempt to preempt them with a good analogy. If you go through the effort of acquiring a bullhorn to communicate with other members in your household and then proceed to pollute public airwaves with your personal information using this bullhorn, you have absolutely zero expectations of privacy. It really is as simple as that. If you don't like this, then you have many options: takes 30 seconds to set up a damn password, use https connections when possible, or use a wired connection! Once you put something out there, you can't take it back, so exercise some damn personal responsibility if you hold any expectations of privacy.

The situation that is playing out was anticipated by many: The politically powerful have their proprietary information protected, because they can make government do it for them. Everyone else has no privacy.

Individual end-users don't have the ability to protect themselves. Most have no idea of encryption, much less what data is accessible to someone scanning Wifi frequencies (most people couldn't even tell you what a "frequency" is!). Even if they had the knowledge, they have limited time and resources. Th

Individual end-users don't have the ability to protect themselves. Most have no idea of encryption, much less what data is accessible to someone scanning Wifi frequencies (most people couldn't even tell you what a "frequency" is!). Even if they had the knowledge, they have limited time and resources.

End users have plenty of ability to protect themselves. You don't have to know how encryption works to set a password in your router and switch encryption on. The manuals walk you through all the steps. They eve

It's not at all hard to believe if you read about how the developer did his work with an open source module that he was unaware was logging to that extent. He grabbed what he needed and threw the rest away but didn't know the logs kept it all because he really didn't pay enough attention to that feature of the module.

It is almost an anthithesis to the word "justice". Consequences (punishment) depend only on two things: 1) who you are 2) whose fingers did you stomp on. Actual damages does not matter much (if at all).

If you're a big bank, corporation or some awfully rich individual with political connections, you propably get away with anything (be it drug money laundering, like HSBC, scamming an awful lot of people like in fraudclosure fiasco or stealing private e-mails and passwords en masse, like Google). If you're an

If I did that, what law would I be breaking? If I'm not obstructing the sidewalk, not going onto your property and not doing anything to bypass any privacy measures you've put in place (eg. by using a ladder to see over the fence you've put up), exactly what law would I be breaking standing there watching your house?

I think you'll find if you check that it's not a violation of any law. Only if you've taken some steps to insure privacy can I be touched for bypassing those measures. Celebrities have been fighting this for years. It's how the paparazzi get those candid photos and don't end up in jail.

And if you read the statutes, it won't be a violation of the law. All of them require either a) trespassing onto the property or b) violation of a reasonable expectation of privacy. You aren't trespassing if you're standing on public property where you'd ordinarily have every right to be standing, and you aren't violating any expectation of privacy if there's nothing in the way that would provide any sort of privacy. A person doesn't have any expectation of privacy standing in front of a window where the cu

"about" has a specific legal meaning here, and it isn't merely "in the vicinity of". If you were up a tree trying to gain a view over a fence, they could ding you. If you were peering through a small hole in a fence to see what you normally wouldn't be able to, they could ding you. Standing on the sidewalk where everyone normally walks? The cops might hassle you, but even they know the DA won't charge you (and if one did, any competent lawyer could get the charges dismissed in 5 minutes and get the DA a goo

[Just because...]...I have my blinds up doesn't make it legal for you to stand in the street and watch my family dress ot bathe.

Well, no. That doesn't "make it legal". Its legal to start with, and the fact that there is is no law which actually criminalizes standing on a public property and observing events occurring within a nearby private dwelling is what fails to make it illegal.

Sorry, in most places in the civilized world it's perfectly legal to do so. Heck, there are places where people don't mind that all that much. I remember that there was quite a lot of nice flesh to be seen through windows in Copenhagen.

What Google did is different simply because there are laws specifically prohibiting unauthorized access to computer systems, the networks being an extension and integral part of the same -- otherwise those laws would be largely moot, as you could claim that, say, injecting so